btlyric
Level 12
Message 1 of 5

Enable Certificate Verification + Bypass SSL Content Inspection

I'm testing a rule set that will skip SSL content inspection for a set of connections when one of the criteria is that the SSL Certificate CN matches in a specific list.

It looks something like this:

New Rule Set

   Top level criteria: Command.Name equals CONNECT or Command.Name equals CERTVERIFY

Set Client Context for SSL

   Criteria: Command.Name equals CONNECT

   Action:   Continue

   Event:   Enable SSL Client Context with CA <Default CA>

Enable Certificate Verification

   Criteria: Command.Name equals CONNECT AND URL.Destination.IP matches in list LIST

   Action:   Stop Cycle

   Event:    Enable SSL Scanner <Default Certificate Verification>

Skip SSL Inspection

   Criteria: URL.Destination.IP matches in list LIST AND SSL.Server.Certificate.CN matches in list CN-list AND SSL.Server.Certificate.DaysExpired less than 7 AND SSL.Server.CertificateChain.ContainsRevoked<CAs> equals false

   Action:   Stop Cycle

This appears to work as expected, but I was wondering if there were any gotchas I should take into consideration.

Thanks!

4 Replies

Re: Enable Certificate Verification + Bypass SSL Content Inspection

Do you want authentication?

A Stop Cycle would stop before authentication occurs.
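To make the ordering effect concrete, here is a constructed Python model of the rule set from the original post, evaluated top-down with Stop Cycle semantics. It is an added illustration, not Web Gateway code; the IP list, CN list, the "Authentication" and content-inspection rule sets assumed to sit further down, and the Tx fields are all assumptions.

```python
# Constructed toy model of the posted rule set (not MWG's own engine).
# A cycle runs the rule set top-down; "Stop Cycle" ends the cycle so
# nothing further down (authentication, content inspection) is reached.
from dataclasses import dataclass, field

@dataclass
class Tx:
    command: str               # "CONNECT" or the CERTVERIFY pseudo-command
    dest_ip: str
    cert_cn: str = ""          # empty on CONNECT: no server cert seen yet
    days_expired: int = 0
    chain_revoked: bool = False
    events: list = field(default_factory=list)
    reached: list = field(default_factory=list)

LIST = {"203.0.113.10"}        # constructed sample destination IP list
CN_LIST = {"example.test"}     # constructed sample CN-list

def skip_criteria(t):
    """Criteria of the 'Skip SSL Inspection' rule as posted."""
    return (t.dest_ip in LIST and t.cert_cn in CN_LIST
            and t.days_expired < 7 and not t.chain_revoked)

# (rule name, criteria, action, event) in the order of the original post
RULESET = [
    ("Set Client Context", lambda t: t.command == "CONNECT", "Continue",
     "Enable SSL Client Context"),
    ("Enable Cert Verification",
     lambda t: t.command == "CONNECT" and t.dest_ip in LIST, "Stop Cycle",
     "Enable SSL Scanner <Default Certificate Verification>"),
    ("Skip SSL Inspection", skip_criteria, "Stop Cycle", None),
]

def run_cycle(t):
    """Evaluate the rule set, then the assumed rule sets below it."""
    if t.command in ("CONNECT", "CERTVERIFY"):   # top-level criteria
        for name, crit, action, event in RULESET:
            if not crit(t):
                continue
            t.reached.append(name)
            if event:
                t.events.append(event)
            if action == "Stop Cycle":
                return t          # cycle ends here; nothing below runs
    # assumed rule sets further down: authentication, then inspection
    t.reached.append("Authentication")
    t.events.append("Enable SSL Scanner <Content Inspection>")
    return t
```

Running a CONNECT to a listed IP shows the cycle ending at the certificate-verification rule, so the authentication rule set below is never reached; a CERTVERIFY whose certificate fails any of the CN, expiry or revocation checks falls through to content inspection.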

btlyric
Level 12
Message 3 of 5

Re: Enable Certificate Verification + Bypass SSL Content Inspection

Don't want or need authentication for this particular rule set.

btlyric
Level 12
Message 4 of 5

Re: Enable Certificate Verification + Bypass SSL Content Inspection

As an addendum -- is there any reason to NOT enable certificate verification up near the top of the rule set?

For example...

Rule Set Near Top:

Command.Name equals CONNECT

Enable SSL Client Context

Enable Certificate Verification

followed by auth, other rule sets, and the rest of the SSL handling further down.

Re: Enable Certificate Verification + Bypass SSL Content Inspection

I would love a reply to btlyric's last question, it intrigues me.
